[buddypress-trac] [BuddyPress Trac] #7401: Wrong user data leak with external object cache
buddypress-trac
noreply at wordpress.org
Tue Dec 20 08:17:43 UTC 2016
#7401: Wrong user data leak with external object cache
------------------------------+-----------------------------
Reporter: m_uysl | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Extended Profile | Version:
Severity: normal | Keywords:
------------------------------+-----------------------------
'''Steps to reproduce'''
Create a new field group and add field(s). Ex: "Facebook"
Create new user and leave "Facebook" field empty.
Fill your "Facebook" field.
Create new php file and try to fetch non-exist data.
{{{#!php
<?php
require_once 'wp-load.php';
$maybe_has_facebook = BP_XProfile_ProfileData::get_value_byid(
xprofile_get_field_id_from_name('Facebook'), 2 );
}}}
Then try to edit that user, you will see your field data in there.
This problem caused by missing `$field_id` when creating empty cache
https://buddypress.trac.wordpress.org/browser/tags/2.7.3/src/bp-
xprofile/classes/class-bp-xprofile-profiledata.php#L492 and
https://buddypress.trac.wordpress.org/browser/tags/2.7.3/src/bp-
xprofile/classes/class-bp-xprofile-group.php#L450 fetching wrong data in
there.
Tested with memcached/redis on trunk.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/7401>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list